1. Technical Field
Embodiments of the present invention are related to the fields of data processing and data communication, and in particular, to wireless networking.
2. Description of Related Art
An Institute of Electrical and Electronic Engineers (IEEE) 802.11e standard (approved 2005, IEEE Standards Board, Piscataway, N.Y.), among other things, define aspects of Worldwide Inoperability for Microwave Access (WiMAX) for Wireless Metropolitan Area Networks (MANs). Under WiMAX, uplink and downlink control media access control (MAC) messages are cryptographically signed in order to protect against replay attacks. For the purpose of signing MAC messages, an authentication key (AK) is generated at both the Mobile Subscriber Station (MSS) and Base Station (BS). From AK, both MSS and BS generate an Uplink MAC key and Downlink MAC key which are used for signing uplink and downlink MAC control messages respectively. In order to protect against replay attacks on MAC messages, associated with each AK is an Uplink Packet Number and a Downlink Packet Number that are stored as part of a AK Context and are used in computation for MAC message signing. The Uplink Packet Number is incremented whenever a new Uplink MAC message needs to be sent by the MS. Similarly, the Downlink Packet Number is incremented whenever a new Downlink MAC message needs to be sent by the BS. The Uplink and Downlink Packet Number Counters have to be unique for each uplink and downlink MAC management message, otherwise a security hole is created and that allows replay attack.
Additionally, under WiMAX, a MSS can do a high speed handoff (HO) from one BS to another leading to creation of a new AK and AK context at MSS and the new BS. Since an AK can have a lifetime of several days, MSS and old BS are required to cache the AK and AK Context after MSS does handoff until that AK is valid. This ensures two things: a) when the MSS HO back to the old BS, correct AK and Uplink Packet Number and Downlink Packet Number are used i.e. starting for the value at least one more than just before the HO and b) avoiding the need to do lengthy authentication steps to generate new AK and AK Context whenever MSS does a HO. Since AKs can have a valid lifetime of several days, BSs have to cache a large number of AKs and AK Contexts belonging not only to MSSs currently active in the network but also MSS that had joined and left the network but still have valid AKs. This leads to potentially large memory requirements in BS and lengthy searches that are keyed by MSS, leading to a costly BS.